www-gui-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bo...@guardian.no
Subject Re: An interface to Apache
Date Tue, 24 Jun 1997 13:04:41 GMT
[Marc Slemko]
| The problem is that if you can modify the config files, then in most
| setups (ie. where Apache is started by root) you can get root.  As
| simple as that.  Running the admin server as a non-root UID just
| adds another step to the process of getting root.

you are right.  perhaps one should include a compile time option to
hard code the uid of the server and not allow the config to override

 Bjørn Borud <borud@guardian.no>       | "The Net interprets censorship 
 <URL:http://www.pvv.unit.no/~borud/>  | as damage and routes around it."
 UNIX person, one of "them"            |         - John Gilmore

View raw message